MS Active Directory using BIND DDNS

Kevin Darcy kcd at daimlerchrysler.com
Tue Aug 6 23:10:11 UTC 2002


Kevin Darcy wrote:

> "Cinense, Mark" wrote:
>
> > Greetings,
> >         Our group just finished visiting with an MS consultant, that we are
> > paying top dollar for.  I had asked him if he has worked with integrating an
> > Active Directory environment using a BIND DDNS.  Well, his answer was no.
> > Is there anyone using a BIND DDNS server that is seperate, with a Microsoft
> > Active Directory, Domain Controller.  Any pros and con experience input
> > highly welcomed.
>
> Depends on exactly what you mean by "integrating".
>
> Can you have crypto-authenticated updates between BIND nameservers and Domain
> Controllers? No.
>
> Can you have "multi-master replication" between BIND and MS-DNS? No.
>
> But if all you want is for the Domain Controllers to write SRV records into
> your BIND-hosted zones, with ACLs based (weakly) on source IP address, then
> BIND and AD can "integrate" just fine...

Or, as others have done, just delegate the "underscore" subdomains (_msdcs, _tcp,
_udp, etc.) to the MS-DNS servers...


- Kevin




More information about the bind-users mailing list